Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/c8cc63-5305-4636-b336-e7176786f74a/1/A8Ej05bPXSyJSutko6zMXi_LdTs.roa
File:                     A8Ej05bPXSyJSutko6zMXi_LdTs.roa (raw, json)
Hash identifier:          l1Np2vyuCibE5G3ZNC4CZuxMVOv5Q0qw24MUV/m5PcU=
Subject key identifier:   03:C1:23:D3:96:CF:5D:2C:89:4A:EB:64:A3:AC:CC:5E:2F:CB:75:3B
Certificate issuer:       /CN=17e69ddc29a05b2c45ee3cc5a2340b2e4c6dad5d
Certificate serial:       019421B24899D77EF2F6686D3CF8FD45480F
Authority key identifier: 17:E6:9D:DC:29:A0:5B:2C:45:EE:3C:C5:A2:34:0B:2E:4C:6D:AD:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F-ad3CmgWyxF7jzFojQLLkxtrV0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/c8cc63-5305-4636-b336-e7176786f74a/1/A8Ej05bPXSyJSutko6zMXi_LdTs.roa
Signing time:             Wed 01 Jan 2025 11:48:39 +0000
ROA not before:           Wed 01 Jan 2025 11:48:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204035
IP address blocks:        185.94.254.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/c8cc63-5305-4636-b336-e7176786f74a/1/F-ad3CmgWyxF7jzFojQLLkxtrV0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/c8cc63-5305-4636-b336-e7176786f74a/1/F-ad3CmgWyxF7jzFojQLLkxtrV0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F-ad3CmgWyxF7jzFojQLLkxtrV0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:48:99:d7:7e:f2:f6:68:6d:3c:f8:fd:45:48:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17e69ddc29a05b2c45ee3cc5a2340b2e4c6dad5d
        Validity
            Not Before: Jan  1 11:48:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=03c123d396cf5d2c894aeb64a3accc5e2fcb753b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:85:da:97:b4:86:6d:4f:d1:4b:26:65:6a:26:
                    6b:b5:e8:97:11:11:b6:d9:d7:a6:fa:2f:dd:09:78:
                    08:01:32:7e:83:8d:a8:4b:94:58:1a:fe:5e:84:f2:
                    8a:f5:d7:f1:be:91:bc:32:e7:bb:51:57:15:46:f1:
                    02:d2:2f:1a:4f:54:7a:7e:95:ca:75:b1:98:03:5a:
                    83:43:fe:28:24:40:69:38:63:16:6d:90:c1:23:60:
                    b7:22:35:db:c3:9c:0e:72:dc:a5:e2:57:b3:f5:24:
                    35:38:ba:38:c2:51:c5:15:73:0b:84:3c:64:09:fa:
                    1a:d4:51:2c:48:b7:01:7d:60:9a:26:66:4f:12:6e:
                    93:27:d7:3e:dd:0d:96:b6:86:3e:a7:f0:24:4d:08:
                    61:ff:19:9a:8c:34:60:cb:8d:db:93:5f:f6:1b:c4:
                    b2:ba:65:b0:b2:05:18:a8:b6:47:52:10:3a:70:86:
                    18:24:bb:ce:8c:85:83:10:31:b5:72:66:1d:12:d5:
                    21:06:29:00:03:81:d8:f0:de:80:7a:25:b7:a0:95:
                    c1:d8:40:b5:5e:96:8d:af:79:ef:bd:13:88:7d:51:
                    2a:0d:2e:aa:67:58:75:b3:0f:7f:78:f4:ba:44:5c:
                    2c:f3:50:a6:7b:03:fb:d4:ab:10:90:75:84:3e:b8:
                    b1:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:C1:23:D3:96:CF:5D:2C:89:4A:EB:64:A3:AC:CC:5E:2F:CB:75:3B
            X509v3 Authority Key Identifier:
                keyid:17:E6:9D:DC:29:A0:5B:2C:45:EE:3C:C5:A2:34:0B:2E:4C:6D:AD:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F-ad3CmgWyxF7jzFojQLLkxtrV0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/c8cc63-5305-4636-b336-e7176786f74a/1/A8Ej05bPXSyJSutko6zMXi_LdTs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/c8cc63-5305-4636-b336-e7176786f74a/1/F-ad3CmgWyxF7jzFojQLLkxtrV0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.94.254.0/23

    Signature Algorithm: sha256WithRSAEncryption
         33:bc:0d:31:06:7b:ed:ee:03:8f:a5:91:95:95:48:69:d3:64:
         92:7e:f9:73:d6:ae:d1:a8:0f:1e:b2:2a:dd:d6:ab:cf:b7:2d:
         43:15:ae:20:77:78:e8:75:87:c7:b9:a8:2a:3d:ff:4a:14:98:
         8c:a7:68:74:69:37:83:44:c4:61:7d:41:8c:40:a6:5e:81:2e:
         da:1a:18:cc:86:cf:93:49:28:fa:06:95:b2:46:d6:00:2c:6f:
         6b:be:79:82:0f:e7:c9:33:54:d7:e0:49:44:61:96:1f:fa:d6:
         ef:3c:f6:a1:a8:47:b7:7e:9a:55:c5:7e:31:13:d4:09:a8:96:
         f1:fc:e1:a9:22:1c:62:28:1d:b9:9b:8e:fc:c1:c1:17:4a:a0:
         c6:53:03:2a:be:25:8f:76:83:91:13:53:81:94:0d:ff:ba:88:
         e5:26:0a:c3:33:27:bd:44:c2:94:d7:8f:15:d9:07:de:ea:e7:
         cd:10:4c:5c:dc:db:13:34:63:5f:76:4b:8e:d0:83:b4:ff:f8:
         32:82:66:e7:45:47:e2:b3:e1:58:64:72:37:43:74:e9:a9:87:
         97:fa:96:e5:73:47:76:f7:2b:c4:ca:7b:bd:44:f6:cf:01:1e:
         64:d4:c1:db:f0:9c:d9:87:1c:46:32:2c:36:2e:cb:86:89:45:
         ae:df:f5:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhskiZ137y9mhtPPj9RUgPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZTY5ZGRjMjlhMDViMmM0NWVlM2NjNWEyMzQwYjJlNGM2
ZGFkNWQwHhcNMjUwMTAxMTE0ODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2MxMjNkMzk2Y2Y1ZDJjODk0YWViNjRhM2FjY2M1ZTJmY2I3NTNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1IXal7SGbU/RSyZlaiZrteiXERG2
2dem+i/dCXgIATJ+g42oS5RYGv5ehPKK9dfxvpG8Mue7UVcVRvEC0i8aT1R6fpXK
dbGYA1qDQ/4oJEBpOGMWbZDBI2C3IjXbw5wOctyl4lez9SQ1OLo4wlHFFXMLhDxk
Cfoa1FEsSLcBfWCaJmZPEm6TJ9c+3Q2WtoY+p/AkTQhh/xmajDRgy43bk1/2G8Sy
umWwsgUYqLZHUhA6cIYYJLvOjIWDEDG1cmYdEtUhBikAA4HY8N6AeiW3oJXB2EC1
XpaNr3nvvROIfVEqDS6qZ1h1sw9/ePS6RFws81CmewP71KsQkHWEPrixaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAPBI9OWz10siUrrZKOszF4vy3U7MB8GA1UdIwQY
MBaAFBfmndwpoFssRe48xaI0Cy5Mba1dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRi1hZDNDbWdXeXhGN2p6Rm9qUUxMa3h0clYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi9jOGNjNjMtNTMwNS00NjM2LWIzMzYt
ZTcxNzY3ODZmNzRhLzEvQThFajA1YlBYU3lKU3V0a282ek1YaV9MZFRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi9jOGNjNjMtNTMwNS00NjM2LWIzMzYtZTcxNzY3ODZmNzRh
LzEvRi1hZDNDbWdXeXhGN2p6Rm9qUUxMa3h0clYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuV7+MA0G
CSqGSIb3DQEBCwUAA4IBAQAzvA0xBnvt7gOPpZGVlUhp02SSfvlz1q7RqA8esird
1qvPty1DFa4gd3jodYfHuagqPf9KFJiMp2h0aTeDRMRhfUGMQKZegS7aGhjMhs+T
SSj6BpWyRtYALG9rvnmCD+fJM1TX4ElEYZYf+tbvPPahqEe3fppVxX4xE9QJqJbx
/OGpIhxiKB25m478wcEXSqDGUwMqviWPdoORE1OBlA3/uojlJgrDMye9RMKU148V
2Qfe6ufNEExc3NsTNGNfdkuO0IO0//gygmbnRUfis+FYZHI3Q3TpqYeX+pblc0d2
9yvEynu9RPbPAR5k1MHb8JzZhxxGMiw2LsuGiUWu3/We
-----END CERTIFICATE-----